chore(deps-dev): bump the minor-development-deps group with 8 updates

[dependabot]

Bumps the minor-development-deps group with 8 updates:

Package	From	To
@types/node	22.5.1	22.7.4
@vitest/coverage-v8	2.0.5	2.1.1
express	4.19.2	4.21.0
fetch-mock	11.1.3	11.1.5
msw	2.4.1	2.4.9
tsup	8.2.4	8.3.0
typescript	5.5.4	5.6.2
vitest	2.0.5	2.1.1

Updates @types/node from 22.5.1 to 22.7.4

Commits

• See full diff in compare view

Updates @vitest/coverage-v8 from 2.0.5 to 2.1.1

Release notes

Sourced from @​vitest/coverage-v8's releases.

v2.1.1

   🐞 Bug Fixes

• browser:
  • Make example test callbacks async  -  by @​aqandrew in vitest-dev/vitest#6484 (16aa7)
  • Optimize vitest-browser-vue correctly  -  by @​sheremet-va in vitest-dev/vitest#6490 (5cbb0)
• workspace:
  • Resolve glob pattern once to avoid name collision  -  by @​sheremet-va in vitest-dev/vitest#6489 (36b5a)

    View changes on GitHub

v2.1.0

This release makes another big change to the Browser Mode by introducing locators API:

test('renders blog posts', async () => {
  const screen = page.render(<Blog />)
await expect.element(screen.getByRole('heading', { name: 'Blog' })).toBeInTheDocument()
const [firstPost] = screen.getByRole('listitem').all()
await firstPost.getByRole('button', { name: 'Delete' }).click()
expect(screen.getByRole('listitem').all()).toHaveLength(3)
})

You can use either vitest-browser-vue, vitest-browser-svelte or vitest-browser-react to render components and make assertions using locators. Locators are also available on the page object from @vitest/browser/context.

Potential Breaking Change

• workspace:
  • Correctly resolve workspace globs and file paths  -  by @​sheremet-va in vitest-dev/vitest#6316 (afdcb)
  • This changes how the custom glob pattern in the workspace config is treated. Any file matching the glob is considered a Vitest config file. Any folder matching the glob pattern is treated as a workspace project and is subject to the regular config resolution (single vitest.config.ts or vite.config.ts inside the folder)
  • For example, projects/* will match anything inside the projects folder. If it's a folder, we try to find the config inside that folder (if there is none, it is still treated as a project with the default config). If it's a file, it will be treated as a Vitest config. projects/**/* previously would assume that you only wanted to have folders as projects, but now it will match every single file insideprojects.
  • This change doesn't affect non-glob usage.

   🚀 Features

• api:
  • Make spec into a class instead of a tuple  -  by @​sheremet-va in vitest-dev/vitest#6355 (874a1)
• browser:
  • Move page.config to server.config, add more docs  -  by @​sheremet-va in vitest-dev/vitest#6252 (af2b8)
  • Make iframe scalable, improve documentation  -  by @​sheremet-va in vitest-dev/vitest#6257 (74ca1)
  • Introduce built-in locators  -  by @​sheremet-va in vitest-dev/vitest#6084 (3347f)
  • Support v8 coverage  -  by @​AriPerkkio in vitest-dev/vitest#6273 (34199)
  • Support userEvent.upload in playwright provider  -  by @​sheremet-va in vitest-dev/vitest#6442 (cf148)
  • Support --inspect  -  by @​AriPerkkio in vitest-dev/vitest#6433 (0499a)
  • Support --inspect-brk  -  by @​AriPerkkio in vitest-dev/vitest#6434 (7ab0f)

... (truncated)

Commits

• 699055e chore: release v2.1.1
• 9f1fd18 chore: release v2.1.0
• b2be23e chore: release v2.1.0-beta.7
• 8ac7011 chore: release v2.1.0-beta.6
• da52d23 fix(coverage): use project specific vitenode for uncovered files (#6044)
• 5932a7f feat(coverage): add --exclude-after-remap (#6309)
• 34199bd feat(browser): support v8 coverage (#6273)
• 72056b5 chore: release v2.1.0-beta.5
• 91dea8c fix(coverage): v8 to warn instead of crash when conversion fails (#6318)
• 1f6cb59 fix(coverage): v8 to support source maps with multiple sources (#6120)
• Additional commits viewable in compare view

Updates express from 4.19.2 to 4.21.0

Release notes

Sourced from express's releases.

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• [email protected] by @​wesleytodd in expressjs/express#5954
• fix(deps): [email protected] by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
• 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
• remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
• Fix link variable use in attribution section of CODE OF CONDUCT by @​IamLizu in expressjs/express#5762
• Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
• Add OSSF Scorecard badge by @​UlisesGascon in expressjs/express#5436
• update scorecard link by @​bjohansebas in expressjs/express#5814
• Nominate @​IamLizu to the triage team by @​UlisesGascon in expressjs/express#5836
• deps: [email protected] by @​blakeembrey in expressjs/express#5603

... (truncated)

Changelog

Sourced from express's changelog.

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: [email protected]
  • includes [email protected]
• deps: [email protected]
• deps: [email protected]

4.20.0 / 2024-09-10

• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: [email protected]
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

• 7e562c6 4.21.0
• 1bcde96 fix(deps): [email protected] (#5946)
• 7d36477 fix(deps): [email protected] (#5951)
• 40d2d8f fix(deps): [email protected]
• 77ada90 Deprecate "back" magic string in redirects (#5935)
• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to [email protected]
• 9ebe5d5 feat: upgrade to [email protected] (#5928)
• ec4a01b feat: upgrade to [email protected] (#5926)
• 54271f6 fix: don't render redirect values in anchor href
• Additional commits viewable in compare view

Updates fetch-mock from 11.1.3 to 11.1.5

Release notes

Sourced from fetch-mock's releases.

fetch-mock: v11.1.5

11.1.5 (2024-09-25)

Bug Fixes

• change export order so default is last (bc9c41d)

fetch-mock: v11.1.4

11.1.4 (2024-09-19)

Documentation Changes

• another occurrence of the cheatsheet ref (875e4f6)
• fix link to cheatsheet (33e75b1)

Changelog

Sourced from fetch-mock's changelog.

11.1.5 (2024-09-25)

Bug Fixes

• change export order so default is last (bc9c41d)

11.1.4 (2024-09-19)

Documentation Changes

• another occurrence of the cheatsheet ref (875e4f6)
• fix link to cheatsheet (33e75b1)

Commits

• 95036e1 chore: release main
• bc9c41d fix: change export order so default is last
• 9f85089 chore: release main
• 875e4f6 docs: another occurrence of the cheatsheet ref
• 33e75b1 docs: fix link to cheatsheet
• See full diff in compare view

Updates msw from 2.4.1 to 2.4.9

Release notes

Sourced from msw's releases.

v2.4.9 (2024-09-20)

Bug Fixes

• ClientRequest: support Request as init when recording raw headers (#2293) (bf982eaa70ddd5d08706b8877ceb6c6c2517f660) @​kettanaito

v2.4.8 (2024-09-17)

Bug Fixes

• address express and path-to-regexp vulnerabilities (#2285) (e3487bc4259368adc33739eb9490bde8421a215c) @​markmssd

v2.4.7 (2024-09-15)

Bug Fixes

• ClientRequest: prevent duplicates when recording set headers (#2284) (e04eb8f44ffcf5ce755aa224d31a8576f4719a9f) @​kettanaito
• use Object.defineProperty for Headers proxy (#2283) (94e17beea475a494c1de8b58ea399e518f55ddda) @​kettanaito

v2.4.6 (2024-09-13)

Bug Fixes

• xhr: clone request body before calculating its size (#2282) (397444bcc386bbe560aa649460cb92cdb31d28a9) @​kettanaito

v2.4.5 (2024-09-11)

Bug Fixes

• remove cookies with max-age=0 from cookie store (#2275) (c307ab27643fc80631d3f0a28e72f7339a54af70) @​kettanaito

v2.4.4 (2024-09-08)

Bug Fixes

• fetch: follow mocked redirect responses (#2268) (f5785bfba1a026075feca4f74cadfcb636ffc257) @​kettanaito
• Adopts a new, Socket-based request interception algorithm.

v2.4.3 (2024-09-07)

Bug Fixes

• revert "graphql" as optional peer dependency (#2267) (7cd39e787aa9766eef914bce3d65daec1ce16635) @​kettanaito

v2.4.2 (2024-09-04)

Bug Fixes

• cli: support windows paths in the init command (#2260) (ba285b887cedfa22f32ae1e8d6569e57174cb561) @​ivanfernandez2646 @​kettanaito
• use [email protected] as the minimal supported version (#2251) (6b2a7e6be8f9b63c2549ad7fbf271d38f803ad6e) @​THETCR @​kettanaito

... (truncated)

Commits

• 452686d chore(release): v2.4.9
• bf982ea fix(ClientRequest): support Request as init when recording raw headers (#2293)
• 5342c19 chore(release): v2.4.8
• e3487bc fix: address express and path-to-regexp vulnerabilities (#2285)
• 668d31e chore(release): v2.4.7
• e04eb8f fix(ClientRequest): prevent duplicates when recording set headers (#2284)
• 94e17be fix: use Object.defineProperty for Headers proxy (#2283)
• 1f81e98 chore(release): v2.4.6
• 397444b fix(xhr): clone request body before calculating its size (#2282)
• 8e17330 chore(release): v2.4.5
• Additional commits viewable in compare view

Updates tsup from 8.2.4 to 8.3.0

Release notes

Sourced from tsup's releases.

v8.3.0

8.3.0 (2024-09-17)

Bug Fixes

• fix experimentalDts file cleaning and watching (#1199) (76dc18b)

Features

• add support for cts and mts config files (#1178) (ec811b3)
• add support for async injectStyle (#1193) (f25a9db)

Commits

• f25a9db feat: add support for async injectStyle (#1193)
• fc72d45 chore: add target es2023 (#1190)
• 76dc18b fix: fix experimentalDts file cleaning and watching (#1199)
• ec811b3 feat: add support for cts and mts config files (#1178)
• 3f44303 refactor: replace globby with tinyglobby (#1168)
• See full diff in compare view

Updates typescript from 5.5.4 to 5.6.2

Release notes

Sourced from typescript's releases.

TypeScript 5.6

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.6.0 (Beta).
• fixed issues query for Typescript 5.6.1 (RC).
• fixed issues query for Typescript 5.6.2 (Stable).

Downloads are available on:

• npm
• NuGet package

TypeScript 5.6 RC

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for TypeScript v5.6.1 (RC).
• fixed issues query for TypeScript v5.6.0 (Beta).

Downloads are available on:

• npm

TypeScript 5.6 Beta

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.6.0 (Beta).

Downloads are available on:

• npm
• NuGet package

Commits

• a7e3374 Bump version to 5.6.2 and LKG
• 2063357 🤖 Pick PR #59708 (LEGO: Pull request from lego/hb_537...) into release-5.6 (#...
• 4fe7e41 🤖 Pick PR #59670 (fix(59649): ts Move to a new file d...) into release-5.6 (#...
• 1a03e53 🤖 Pick PR #59761 (this can be nullish) into release-5.6 (#59762)
• 6212132 Update LKG
• bbb5faf 🤖 Pick PR #59542 (Fixing delay caused in vscode due t...) into release-5.6 (#...
• e6914a5 Bump version to 5.6.1-rc and LKG
• 34121c4 Update LKG
• 2a30c2a Merge remote-tracking branch 'origin/main' into release-5.6
• 936a79b Expose TypeChecker. getAwaitedType to public (#59268)
• Additional commits viewable in compare view

Updates vitest from 2.0.5 to 2.1.1

Release notes

Sourced from vitest's releases.

v2.1.1

   🐞 Bug Fixes

• browser:
  • Make example test callbacks async  -  by @​aqandrew in vitest-dev/vitest#6484 (16aa7)
  • Optimize vitest-browser-vue correctly  -  by @​sheremet-va in vitest-dev/vitest#6490 (5cbb0)
• workspace:
  • Resolve glob pattern once to avoid name collision  -  by @​sheremet-va in vitest-dev/vitest#6489 (36b5a)

    View changes on GitHub

v2.1.0

This release makes another big change to the Browser Mode by introducing locators API:

test('renders blog posts', async () => {
  const screen = page.render(<Blog />)
await expect.element(screen.getByRole('heading', { name: 'Blog' })).toBeInTheDocument()
const [firstPost] = screen.getByRole('listitem').all()
await firstPost.getByRole('button', { name: 'Delete' }).click()
expect(screen.getByRole('listitem').all()).toHaveLength(3)
})

You can use either vitest-browser-vue, vitest-browser-svelte or vitest-browser-react to render components and make assertions using locators. Locators are also available on the page object from @vitest/browser/context.

Potential Breaking Change

• workspace:
  • Correctly resolve workspace globs and file paths  -  by @​sheremet-va in vitest-dev/vitest#6316 (afdcb)
  • This changes how the custom glob pattern in the workspace config is treated. Any file matching the glob is considered a Vitest config file. Any folder matching the glob pattern is treated as a workspace project and is subject to the regular config resolution (single vitest.config.ts or vite.config.ts inside the folder)
  • For example, projects/* will match anything inside the projects folder. If it's a folder, we try to find the config inside that folder (if there is none, it is still treated as a project with the default config). If it's a file, it will be treated as a Vitest config. projects/**/* previously would assume that you only wanted to have folders as projects, but now it will match every single file insideprojects.
  • This change doesn't affect non-glob usage.

   🚀 Features

• api:
  • Make spec into a class instead of a tuple  -  by @​sheremet-va in vitest-dev/vitest#6355 (874a1)
• browser:
  • Move page.config to server.config, add more docs  -  by @​sheremet-va in vitest-dev/vitest#6252 (af2b8)
  • Make iframe scalable, improve documentation  -  by @​sheremet-va in vitest-dev/vitest#6257 (74ca1)
  • Introduce built-in locators  -  by @​sheremet-va in vitest-dev/vitest#6084 (3347f)
  • Support v8 coverage  -  by @​AriPerkkio in vitest-dev/vitest#6273 (34199)
  • Support userEvent.upload in playwright provider  -  by @​sheremet-va in vitest-dev/vitest#6442 (cf148)
  • Support --inspect  -  by @​AriPerkkio in vitest-dev/vitest#6433 (0499a)
  • Support --inspect-brk  -  by @​AriPerkkio in vitest-dev/vitest#6434 (7ab0f)

... (truncated)

Commits

• 699055e chore: release v2.1.1
• 36b5ace fix(workspace): resolve glob pattern once to avoid name collision (#6489)
• 16aa76c fix(browser): make example test callbacks async (#6484)
• 9f1fd18 chore: release v2.1.0
• 94a186e fix(ui): render project name consistently (#6329)
• ac698b1 fix: expect.getState().testPath always returns correct path (#6472)
• b2be23e chore: release v2.1.0-beta.7
• 0b44722 fix: ignore importer when resolving Vitest (#6469)
• 97773e2 chore: fix edge case in license files bundling (#6460)
• 7ab0f4a feat(browser): support --inspect-brk (#6434)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.